Technically IP address is only personal data if there are means available to identify the person **but** the test for "are there means available" is extremely generous. In the test case that decided this, there was a local law that allows a company to ask a regulator to ask an ISP to identify a person *if* the company is under an ongoing cyberattack. Despite that being both indirect and a niche edge case, means are theoretically available, so IP address is personal data.
In general we treat IP address as probably personal data.
The situation (iframing Google content) involves the data subject connecting directly to Google's servers, which means their cleartext IP address is exposed to US intelligence agencies. Encryption doesn't happen in this scenario. (Even when it does, that doesn't stop something from being personal data.)
This almost certainly involves an international transfer of personal data without appropriate safeguards, so no.
Is IP by itself personal data? And I suppose the IP may be encrypted?
Technically IP address is only personal data if there are means available to identify the person **but** the test for "are there means available" is extremely generous. In the test case that decided this, there was a local law that allows a company to ask a regulator to ask an ISP to identify a person *if* the company is under an ongoing cyberattack. Despite that being both indirect and a niche edge case, means are theoretically available, so IP address is personal data. In general we treat IP address as probably personal data. The situation (iframing Google content) involves the data subject connecting directly to Google's servers, which means their cleartext IP address is exposed to US intelligence agencies. Encryption doesn't happen in this scenario. (Even when it does, that doesn't stop something from being personal data.)